passenger 5.0.27 → 5.0.28

data/src/cxx_supportlib/Logging.h

@@ -339,13 +339,13 @@ void printAppOutput(pid_t pid, const char *channelName, const char *message, uns
 void setPrintAppOutputAsDebuggingMessages(bool enabled);
 
 /** Print a [BUG] error message and abort with a stack trace. */
-#define P_BUG(expr) \
+#define P_BUG_WITH_FORMATTER_CODE(varname, code) \
 	do { \
 		TRACE_POINT(); \
 		const char *_exprStr; \
-		Passenger::FastStringStream<> sstream; \
-		sstream << expr; \
-		_exprStr = Passenger::_strdupFastStringStream(sstream); \
+		Passenger::FastStringStream<> varname; \
+		code \
+		_exprStr = Passenger::_strdupFastStringStream(varname); \
 		Passenger::lastAssertionFailure.filename = __FILE__; \
 		Passenger::lastAssertionFailure.line = __LINE__; \
 		Passenger::lastAssertionFailure.function = __PRETTY_FUNCTION__; \
@@ -354,13 +354,13 @@ void setPrintAppOutputAsDebuggingMessages(bool enabled);
 		abort(); \
 	} while (false)
 
-#define P_BUG_UTP(expr) \
+#define P_BUG_UTP_WITH_FORMATTER_CODE(varname, code) \
 	do { \
 		UPDATE_TRACE_POINT(); \
 		const char *_exprStr; \
-		Passenger::FastStringStream<> sstream; \
-		sstream << expr; \
-		_exprStr = Passenger::_strdupFastStringStream(sstream); \
+		Passenger::FastStringStream<> varname; \
+		code \
+		_exprStr = Passenger::_strdupFastStringStream(varname); \
 		Passenger::lastAssertionFailure.filename = __FILE__; \
 		Passenger::lastAssertionFailure.line = __LINE__; \
 		Passenger::lastAssertionFailure.function = __PRETTY_FUNCTION__; \
@@ -369,6 +369,9 @@ void setPrintAppOutputAsDebuggingMessages(bool enabled);
 		abort(); \
 	} while (false)
 
+#define P_BUG(expr) P_BUG_WITH_FORMATTER_CODE( _sstream , _sstream << expr; )
+#define P_BUG_UTP(expr) P_BUG_UTP_WITH_FORMATTER_CODE( _sstream , _sstream << expr; )
+
 #define P_ASSERT_EQ(value, expected) \
 	do { \
 		if (OXT_UNLIKELY(value != expected)) { \

data/src/cxx_supportlib/LveLoggingDecorator.h

@@ -0,0 +1,92 @@
+/*
+ *  Phusion Passenger - https://www.phusionpassenger.com/
+ *  Copyright (c) 2010-2016 Phusion Holding B.V.
+ *
+ *  "Passenger", "Phusion Passenger" and "Union Station" are registered
+ *  trademarks of Phusion Holding B.V.
+ *
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy
+ *  of this software and associated documentation files (the "Software"), to deal
+ *  in the Software without restriction, including without limitation the rights
+ *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the Software is
+ *  furnished to do so, subject to the following conditions:
+ *
+ *  The above copyright notice and this permission notice shall be included in
+ *  all copies or substantial portions of the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ *  THE SOFTWARE.
+ */
+#ifndef _PASSENGER_LVE_LOGGING_DECORATOR_H_
+#define _PASSENGER_LVE_LOGGING_DECORATOR_H_
+
+#include <Logging.h>
+#include <adhoc_lve.h>
+#include <string>
+#include <sys/types.h>
+#include <unistd.h>
+
+namespace Passenger {
+
+
+class LveLoggingDecorator {
+public:
+	static adhoc_lve::LibLve &lveInitOnce() {
+		std::string initOneTimeError;
+		adhoc_lve::LibLve &lveLibHandle = adhoc_lve::LveInitSignleton::getInstance(&initOneTimeError);
+
+		if (!lveLibHandle.is_lve_available()) {
+			P_DEBUG("LVE lib is not available");
+		} else if (lveLibHandle.is_error()) {
+			if (!initOneTimeError.empty())
+				P_ERROR("LVE init error: " << initOneTimeError);
+		} else {
+			P_DEBUG("LVE get instance (or init) success");
+		}
+
+		return lveLibHandle;
+	}
+
+	static void logLveEnter(const adhoc_lve::LveEnter &lveEnter, uid_t uid, uid_t min_uid) {
+		if (lveEnter.lveInstance().is_lve_ready() && lveEnter.is_error()) {
+			P_ERROR("LVE enter [pid " << ::getpid() << ", uid "     << uid
+			                                        << ", min_uid " << min_uid
+			                                        << "] error: "  << lveEnter.error());
+		} else if (lveEnter.is_entered()) {
+			P_DEBUG("LVE enter [pid " << ::getpid() << ", uid " << uid
+			                                        << ", min_uid " << min_uid
+			                                        << "] success");
+		} else {
+			P_DEBUG("LVE not in [pid " << ::getpid() << ", uid " << uid
+			                                         << ", min_uid " << min_uid << "]");
+		}
+	}
+
+	static void lveExitCallback(bool entered, const std::string &exit_error) {
+		if (!entered) {
+			return;
+		}
+
+		try {
+			bool is_error = !exit_error.empty();
+			if (is_error) {
+				P_ERROR("LVE exit [pid " << ::getpid() << "] error: " << exit_error);
+			} else {
+				P_DEBUG("LVE exit [pid " << ::getpid() << "] success");
+			}
+		} catch(...) {
+			// Can be called from adhoc_lve::LveEnter destructor while stack unwinding.
+		}
+	}
+}; // class LveLoggingDecorator
+
+
+} // namespace Passenger
+
+#endif /* _PASSENGER_LVE_LOGGING_DECORATOR_H_ */

data/src/cxx_supportlib/MemoryKit/mbuf.cpp

@@ -1,6 +1,7 @@
 /*
  * twemproxy - A fast and lightweight proxy for memcached protocol.
  * Copyright (C) 2011 Twitter, Inc.
+ * Copyright (C) 2014-2016 Phusion Holding B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,15 +20,29 @@
 #include <cstring>
 #include <oxt/macros.hpp>
 #include <oxt/thread.hpp>
-#include <cstring>
+#include <oxt/backtrace.hpp>
 #include <algorithm>
+#include <ostream>
 #include <MemoryKit/mbuf.h>
+#include <Logging.h>
 
 namespace Passenger {
 namespace MemoryKit {
 
 //#define MBUF_DEBUG
 
+#define ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, expr) \
+	do { \
+		if (OXT_UNLIKELY(!(expr))) { \
+			P_BUG_WITH_FORMATTER_CODE(stream, \
+				stream << "Assertion failed: " #expr "\n"; \
+				mbuf_block_print(mbuf_block, stream); \
+			); \
+		} \
+	} while (false)
+
+static void mbuf_block_print(struct mbuf_block *mbuf_block, std::ostream &stream);
+
 
 static void
 _mbuf_block_mark_as_active(struct mbuf_pool *pool, struct mbuf_block *mbuf_block)
@@ -115,7 +130,7 @@ _mbuf_block_get(struct mbuf_pool *pool)
 		pool->nfree_mbuf_blockq--;
 		STAILQ_REMOVE_HEAD(&pool->free_mbuf_blockq, next);
 
-		assert(mbuf_block->magic == MBUF_BLOCK_MAGIC);
+		ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, mbuf_block->magic == MBUF_BLOCK_MAGIC);
 		_mbuf_block_mark_as_active(pool, mbuf_block);
 		return mbuf_block;
 	}
@@ -143,8 +158,9 @@ mbuf_block_get(struct mbuf_pool *pool)
 	mbuf_block->start = buf;
 	mbuf_block->end = buf + pool->mbuf_block_offset;
 
-	assert(mbuf_block->end - mbuf_block->start == (int)pool->mbuf_block_offset);
-	assert(mbuf_block->start < mbuf_block->end);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block,
+		mbuf_block->end - mbuf_block->start == (int) pool->mbuf_block_offset);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, mbuf_block->start < mbuf_block->end);
 
 	#ifdef MBUF_DEBUG
 		printf("[%p] mbuf_block get %p\n", oxt::thread_signature, mbuf_block);
@@ -171,8 +187,10 @@ mbuf_block_new_standalone(struct mbuf_pool *pool, size_t size)
 	mbuf_block->end = buf + size;
 	mbuf_block->offset = block_offset;
 
-	assert(mbuf_block->end - mbuf_block->start == (int)size);
-	assert(mbuf_block->start < mbuf_block->end);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block,
+		mbuf_block->end - mbuf_block->start == (int) size);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block,
+		mbuf_block->start < mbuf_block->end);
 
 	#ifdef MBUF_DEBUG
 		printf("[%p] mbuf_block new standalone %p\n", oxt::thread_signature, mbuf_block);
@@ -190,8 +208,8 @@ mbuf_block_free(struct mbuf_block *mbuf_block)
 		printf("[%p] mbuf_block free %p\n", oxt::thread_signature, mbuf_block);
 	#endif
 
-	assert(STAILQ_NEXT(mbuf_block, next) == NULL);
-	assert(mbuf_block->magic == MBUF_BLOCK_MAGIC);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, STAILQ_NEXT(mbuf_block, next) == NULL);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, mbuf_block->magic == MBUF_BLOCK_MAGIC);
 
 	#ifdef MBUF_ENABLE_DEBUGGING
 		TAILQ_REMOVE(&mbuf_block->pool->active_mbuf_blockq, mbuf_block, active_q);
@@ -215,11 +233,11 @@ mbuf_block_put(struct mbuf_block *mbuf_block)
 		printf("[%p] mbuf_block put %p\n", oxt::thread_signature, mbuf_block);
 	#endif
 
-	assert(STAILQ_NEXT(mbuf_block, next) == NULL);
-	assert(mbuf_block->magic == MBUF_BLOCK_MAGIC);
-	assert(mbuf_block->refcount == 0);
-	assert(mbuf_block->pool->nactive_mbuf_blockq > 0);
-	assert(mbuf_block->offset == 0);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, STAILQ_NEXT(mbuf_block, next) == NULL);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, mbuf_block->magic == MBUF_BLOCK_MAGIC);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, mbuf_block->refcount == 0);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, mbuf_block->pool->nactive_mbuf_blockq > 0);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, mbuf_block->offset == 0);
 
 	mbuf_block->refcount = 1;
 	mbuf_block->pool->nfree_mbuf_blockq++;
@@ -312,7 +330,7 @@ mbuf_block_unref(struct mbuf_block *mbuf_block)
 			oxt::thread_signature, mbuf_block,
 			mbuf_block->refcount, mbuf_block->refcount - 1);
 	#endif
-	assert(mbuf_block->refcount > 0);
+	ASSERT_MBUF_BLOCK_PROPERTY(mbuf_block, mbuf_block->refcount > 0);
 	mbuf_block->refcount--;
 	if (mbuf_block->refcount == 0) {
 		if (mbuf_block->offset > 0) {
@@ -338,7 +356,7 @@ mbuf_get(struct mbuf_pool *pool)
 		return mbuf();
 	}
 
-	assert(block->refcount == 1);
+	ASSERT_MBUF_BLOCK_PROPERTY(block, block->refcount == 1);
 	block->refcount--;
 	return mbuf(block, 0, block->end - block->start);
 }
@@ -356,11 +374,28 @@ mbuf_get_with_size(struct mbuf_pool *pool, size_t size)
 		return mbuf();
 	}
 
-	assert(block->refcount == 1);
+	ASSERT_MBUF_BLOCK_PROPERTY(block, block->refcount == 1);
 	block->refcount--;
 	return mbuf(block, 0, size);
 }
 
+static void
+mbuf_block_print(struct mbuf_block *mbuf_block, std::ostream &stream)
+{
+	stream << "mbuf_block: " << (void *) mbuf_block << "\n"
+		"mbuf_block.magic: " << mbuf_block->magic << "\n"
+		"mbuf_block.next: " << (void *) STAILQ_NEXT(mbuf_block, next) << "\n"
+		"mbuf_block.start: " << (void *) mbuf_block->start << "\n"
+		"mbuf_block.end: " << (void *) mbuf_block->end << "\n"
+		"mbuf_block.refcount: " << mbuf_block->refcount << "\n"
+		"mbuf_block.offset: " << mbuf_block->offset << "\n"
+		"mbuf_block.pool: " << (void *) mbuf_block->pool << "\n"
+		"mbuf_block.pool.nfree_mbuf_blockq: " << mbuf_block->pool->nfree_mbuf_blockq << "\n"
+		"mbuf_block.pool.nactive_mbuf_blockq: " << mbuf_block->pool->nactive_mbuf_blockq << "\n"
+		"mbuf_block.pool.mbuf_block_chunk_size: " << mbuf_block->pool->mbuf_block_chunk_size << "\n"
+		"mbuf_block.pool.mbuf_block_offset: " << mbuf_block->pool->mbuf_block_offset << "\n";
+}
+
 
 template<typename Address>
 static Address clamp(Address value, Address min, Address max) {

data/src/cxx_supportlib/MemoryKit/mbuf.h

@@ -1,7 +1,7 @@
 /*
  * twemproxy - A fast and lightweight proxy for memcached protocol.
  * Copyright (C) 2011 Twitter, Inc.
- * Copyright (c) 2014-2015 Phusion Holding B.V.
+ * Copyright (C) 2014-2016 Phusion Holding B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -200,36 +200,39 @@ public:
 
 	// Copy assignment.
 	mbuf &operator=(BOOST_COPY_ASSIGN_REF(mbuf) mbuf) {
-		struct mbuf_block *old_block = mbuf_block;
-
-		mbuf_block = mbuf.mbuf_block;
-		start      = mbuf.start;
-		end        = mbuf.end;
-
-		if (mbuf.mbuf_block != NULL) {
-			mbuf_block_ref(mbuf.mbuf_block);
-		}
-		if (old_block != NULL) {
-			mbuf_block_unref(old_block);
+		if (&mbuf != this) {
+			struct mbuf_block *old_block = mbuf_block;
+
+			mbuf_block = mbuf.mbuf_block;
+			start      = mbuf.start;
+			end        = mbuf.end;
+
+			if (mbuf.mbuf_block != NULL) {
+				mbuf_block_ref(mbuf.mbuf_block);
+			}
+			if (old_block != NULL) {
+				mbuf_block_unref(old_block);
+			}
 		}
 		return *this;
 	}
 
 	// Move assignment.
 	mbuf &operator=(BOOST_RV_REF(mbuf) mbuf) {
-		struct mbuf_block *old_block = mbuf_block;
-
-		mbuf_block = mbuf.mbuf_block;
-		start      = mbuf.start;
-		end        = mbuf.end;
-		mbuf.mbuf_block = NULL;
-		mbuf.start = NULL;
-		mbuf.end   = NULL;
-
-		if (old_block != NULL) {
-			mbuf_block_unref(old_block);
+		if (&mbuf != this) {
+			struct mbuf_block *old_block = mbuf_block;
+
+			mbuf_block = mbuf.mbuf_block;
+			start      = mbuf.start;
+			end        = mbuf.end;
+			mbuf.mbuf_block = NULL;
+			mbuf.start = NULL;
+			mbuf.end   = NULL;
+
+			if (old_block != NULL) {
+				mbuf_block_unref(old_block);
+			}
 		}
-
 		return *this;
 	}
 

data/src/cxx_supportlib/ServerKit/HttpServer.h

@@ -161,6 +161,10 @@ private:
 		} else {
 			SKC_TRACE(client, 3, "Request object destroyed; not added to freelist " <<
 				"because it's full (" << freeRequestCount << ")");
+			if (request->pool != NULL) {
+				psg_destroy_pool(request->pool);
+				request->pool = NULL;
+			}
 			delete request;
 		}
 

data/src/cxx_supportlib/vendor-copy/adhoc_lve.h

@@ -0,0 +1,304 @@
+/*
+ *  Phusion Passenger - https://www.phusionpassenger.com/
+ *  Copyright (c) 2011-2016 Phusion Holding B.V.
+ *
+ *  "Passenger", "Phusion Passenger" and "Union Station" are registered
+ *  trademarks of Phusion Holding B.V.
+ *
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy
+ *  of this software and associated documentation files (the "Software"), to deal
+ *  in the Software without restriction, including without limitation the rights
+ *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the Software is
+ *  furnished to do so, subject to the following conditions:
+ *
+ *  The above copyright notice and this permission notice shall be included in
+ *  all copies or substantial portions of the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ *  THE SOFTWARE.
+ */
+#ifndef _ADHOC_LVE_H_
+#define _ADHOC_LVE_H_
+
+// A library for using CloudLinux's LVE technology.
+// https://www.cloudlinux.com/lve-manage.php
+// http://docs.cloudlinux.com/understanding_lve.html
+
+#include <functional>
+#include <cstdlib>
+#include <cstddef>
+#include <sstream>
+
+#include <boost/shared_ptr.hpp>
+#include <boost/scoped_ptr.hpp>
+#include <boost/thread/once.hpp>
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <dlfcn.h>
+#include <errno.h>
+#include <stdint.h>
+
+
+namespace adhoc_lve {
+
+struct liblve;
+
+enum liblve_enter_flags {
+	LVE_NO_UBC       = 1 << 0,
+	LVE_NO_NAMESPACE = 1 << 1,
+	LVE_NO_MAXENTER  = 1 << 2,
+	LVE_SILENCE      = 1 << 3,
+};
+
+typedef void* (*liblve_alloc) (size_t size);
+typedef void  (*liblve_free)  (void *ptr);
+
+/**
+ * initializes and create instance of LVE
+ * args
+ *   allocator - pointer to function to allocate memory
+ * returns
+ *    NULL on error, errno will be set.
+ *    errno will be EINVAL if wrong version of library is used
+ *    liblve otherwise
+ */
+typedef struct liblve* (*init_lve_function_ptr_t)(liblve_alloc alloc, liblve_free free);
+
+/**
+ * destroy lve library instance
+ * args:
+ *   lve = instantiated liblive instance
+ * return 0 on success
+ *        negative number on error. errno will be set
+ */
+typedef int (*destroy_lve_function_ptr_t)(struct liblve *lve);
+
+/**
+ * enter into virutal environment
+ * args:
+ * lve = fully initialized liblve instance
+ * lve_id = id associated with LVE
+ * cookie = pointer to cookie, which returned  if task correctly migrated
+ * in LVE and used to exit from this LVE
+ * return codes:
+ * 0 = on success, negative number means error:
+ * -EPERM - don't have permission to call, or called from outside root LVE
+ * -ENOMEM - don't have memory to allocate new LVE
+ * -EFAULT - cookie is bad pointer
+ */
+typedef int (*lve_enter_flags_function_ptr_t)
+	(struct liblve *lve,
+	 uint32_t lve_id,
+	 uint32_t *cookie,
+	 int liblve_enter_flags);
+
+/**
+ * exit from virtual environment, same as lve_leave
+ * args:
+ * lve = fully init liblve instance
+ * cookie - pointer to cookie returned from lve_enter
+ * return codes:
+ * 0 = none error, all less zero is errors:
+ * -ESRCH = task not in virutal environment
+ * -EFAULT = bad cookie pointer
+ * -EINVAL = cookie not match to stored in context
+ */
+typedef int (*lve_exit_function_ptr_t)(struct liblve *lve, uint32_t *cookie);
+
+typedef int (*jail_function_ptr_t)(const struct passwd *, char*);
+
+/**
+ * Must be used once per app instances
+ */
+class LibLve : private boost::noncopyable {
+public:
+
+#ifdef LIBLVE_LOAD
+#	error LIBLVE_LOAD macro redifinition
+#else
+#	define LIBLVE_LOAD(fname) \
+		fname ## _function_ptr = \
+				(fname ## _function_ptr_t) dlsym(liblve_handle.get(), #fname); \
+		if (!fname ## _function_ptr && err_buf.str().empty()) \
+			init_error = (std::string) "Failed to init LVE library " + ::dlerror()
+
+	LibLve()
+	  : init_lve_function_ptr        (NULL)
+	  , destroy_lve_function_ptr     (NULL)
+	  , lve_enter_flags_function_ptr (NULL)
+	  , lve_exit_function_ptr        (NULL)
+	{
+		void *handle = ::dlopen("liblve.so.0", RTLD_LAZY);
+		if (handle) {
+			liblve_handle.reset(handle, ::dlclose);
+		} else {
+			// No liblve found, but it is OK and we are running
+			// on non LVE capable system
+			return;
+		}
+
+		std::ostringstream err_buf;
+
+		LIBLVE_LOAD(init_lve);
+		LIBLVE_LOAD(destroy_lve);
+		LIBLVE_LOAD(lve_enter_flags);
+		LIBLVE_LOAD(lve_exit);
+		LIBLVE_LOAD(jail);
+
+		if (!err_buf.str().empty())
+		{
+			init_error = err_buf.str();
+			return;
+		}
+
+		struct liblve* init_handle = init_lve_function_ptr(std::malloc, std::free);
+		if (!init_handle)
+			err_buf << "init_lve error [" << errno << "]";
+		else
+			lve_init_handle.reset(init_handle, destroy_lve_function_ptr);
+
+		init_error = err_buf.str();
+	}
+
+#undef LIBLVE_LOAD
+#endif
+
+	bool is_error() const { return !init_error.empty(); }
+	const std::string& error() const { return init_error; }
+
+	bool is_lve_available() const { return (bool) liblve_handle; }
+	bool is_lve_ready() const { return is_lve_available() && !is_error(); }
+
+	int jail(const struct passwd *pw, std::string& jail_err) const
+	{
+		char error_msg[8192];
+		int rc = jail_function_ptr(pw, error_msg);
+		if (rc < 0)
+			jail_err.assign(error_msg);
+		return rc;
+	}
+
+private:
+	friend class LveEnter;
+
+	/**
+	 * using boost::shared_ptr because of scoped_ptr does not allow
+	 * to specify custom destructor
+	 */
+	boost::shared_ptr<void>          liblve_handle;
+	boost::shared_ptr<struct liblve> lve_init_handle;
+
+	init_lve_function_ptr_t          init_lve_function_ptr;
+	destroy_lve_function_ptr_t       destroy_lve_function_ptr;
+	lve_enter_flags_function_ptr_t   lve_enter_flags_function_ptr;
+	lve_exit_function_ptr_t          lve_exit_function_ptr;
+	jail_function_ptr_t              jail_function_ptr;
+
+	std::string                      init_error;
+};
+
+class LveInitSignleton {
+public:
+	static LibLve& getInstance(std::string* outInitOneTimeError) {
+		if (!instance())
+		{
+			static boost::once_flag flag = BOOST_ONCE_INIT;
+			boost::call_once(flag, initOnce, outInitOneTimeError);
+		}
+
+		return *instance();
+	}
+private:
+	typedef boost::scoped_ptr<LibLve> lvelib_scoped_ptr;
+
+	static lvelib_scoped_ptr& instance() {
+		static lvelib_scoped_ptr lvelib_scoped_ptr;
+		return lvelib_scoped_ptr;
+	}
+
+	static void initOnce(std::string *err_buf) {
+		instance().reset(new LibLve);
+
+		if (instance()->is_error() && err_buf)
+			*err_buf = instance()->error();
+	}
+};
+
+class LveEnter : private boost::noncopyable {
+public:
+	typedef void (*exit_callback_t)(bool entered, const std::string& exit_error);
+
+	LveEnter(LibLve& lve, uint32_t uid, uint32_t cfg_min_uid, exit_callback_t cb)
+		: ctx(lve)
+		, cookie(0)
+		, entered(false)
+		, exit_callback(cb)
+	{
+		enter(uid, cfg_min_uid);
+	}
+	~LveEnter()
+	{
+		exit();
+	}
+
+	LveEnter& enter(uint32_t uid, uint32_t min_uid) {
+		bool is_enter_lve_allowed = (min_uid <= uid);
+
+		if (!is_enter_lve_allowed || !ctx.is_lve_ready() || entered)
+			return *this;
+
+		int err = ctx.lve_enter_flags_function_ptr(ctx.lve_init_handle.get(),
+		                                           uid,
+		                                           &cookie,
+		                                           LVE_NO_MAXENTER|LVE_SILENCE);
+		if (!err)
+			entered = true;
+		else
+			enter_exit_error << "lve_enter_flags error [" << err << "]";
+
+		return *this;
+	}
+
+	LveEnter& exit() {
+		const bool memento (entered);
+
+		if (entered)
+		{
+			int err = ctx.lve_exit_function_ptr(ctx.lve_init_handle.get(), &cookie);
+			if (err)
+				enter_exit_error << "lve_exit error [" << err << "]";
+
+			entered = false;
+		}
+
+		if (exit_callback)
+			exit_callback(memento, enter_exit_error.str());
+
+		return *this;
+	}
+
+	bool is_entered() const { return entered; }
+	bool is_error() const { return !enter_exit_error.str().empty(); }
+	std::string error() const { return enter_exit_error.str(); }
+
+	LibLve& lveInstance() { return ctx; }
+	const LibLve& lveInstance() const { return ctx; }
+
+private:
+	LibLve &ctx;
+	uint32_t cookie;
+	bool entered;
+	std::ostringstream enter_exit_error;
+	exit_callback_t exit_callback;
+};
+
+} // adhoc_lve ns
+
+#endif /* _ADHOC_LVE_H_ */